Proving Safety with Trace Automata and Bounded Model Checking

Loop under-approximation is a technique that enriches C programs with additional branches that represent the effect of a (limited) range of loop iterations. While this technique can speed up the detection of bugs significantly, it introduces redundant execution traces which may complicate the verification of the program. This holds particularly true for verification tools based on Bounded Model Checking, which incorporate simplistic heuristics to determine whether all feasible iterations of a loop have been considered. We present a technique that uses \emph{trace automata} to eliminate redundant executions after performing loop acceleration. The method reduces the diameter of the program under analysis, which is in certain cases sufficient to allow a safety proof using Bounded Model Checking. Our transformation is precise---it does not introduce false positives, nor does it mask any errors. We have implemented the analysis as a source-to-source transformation, and present experimental results showing the applicability of the technique

The parallel approximability of a subclass of quadratic programming

In this paper we deal with the parallel approximability of a special class of Quadratic Programming (QP), called Smooth Positive Quadratic Programming. This subclass of QP is obtained by imposing restrictions on the coefficients of the QP instance. The Smoothness condition restricts the magnitudes of the coefficients while the positiveness requires that all the coefficients be non-negative. Interestingly, even with these restrictions several combinatorial problems can be modeled by Smooth QP. We show NC Approximation Schemes for the instances of Smooth Positive QP. This is done by reducing the instance of QP to an instance of Positive Linear Programming, finding in NC an approximate fractional solution to the obtained program, and then rounding the fractional solution to an integer approximate solution for the original problem. Then we show how to extend the result for positive instances of bounded degree to Smooth Integer Programming problems. Finally, we formulate several important combinatorial problems as Positive Quadratic Programs (or Positive Integer Programs) in packing/covering form and show that the techniques presented can be used to obtain NC Approximation Schemes for "dense" instances of such problems.Peer ReviewedPostprint (published version

The subdivision of large simplicial cones in Normaliz

Normaliz is an open-source software for the computation of lattice points in rational polyhedra, or, in a different language, the solutions of linear diophantine systems. The two main computational goals are (i) finding a system of generators of the set of lattice points and (ii) counting elements degree-wise in a generating function, the Hilbert Series. In the homogeneous case, in which the polyhedron is a cone, the set of generators is the Hilbert basis of the intersection of the cone and the lattice, an affine monoid. We will present some improvements to the Normaliz algorithm by subdividing simplicial cones with huge volumes. In the first approach the subdivision points are found by integer programming techniques. For this purpose we interface to the integer programming solver SCIP to our software. In the second approach we try to find good subdivision points in an approximating overcone that is faster to compute.Comment: To appear in the proceedings of the ICMS 2016, published by Springer as Volume 9725 of Lecture Notes in Computer Science (LNCS

Integer polyhedra for program analysis

Polyhedra are widely used in model checking and abstract interpretation. Polyhedral analysis is effective when the relationships between variables are linear, but suffers from imprecision when it is necessary to take into account the integrality of the represented space. Imprecision also arises when non-linear constraints occur. Moreover, in terms of tractability, even a space defined by linear constraints can become unmanageable owing to the excessive number of inequalities. Thus it is useful to identify those inequalities whose omission has least impact on the represented space. This paper shows how these issues can be addressed in a novel way by growing the integer hull of the space and approximating the number of integral points within a bounded polyhedron